Heads up to anyone using iOS's Mail app: security researcher Jan Souček has found a serious vulnerability in the way the app handles inline HTML, allowing an attacker to load arbitrary web pages—including a simulated iCloud login prompt for phishing purposes. You can watch the proof-of-concept here:
The iCloud prompt is only one possible exploit. Other login prompts could also be emulated with a bit of HTML and CSS. As such, grabbing Google or Facebook logins might be only a step away.
For the curious, Souček has a GitHub repository with his sample code. He found this bug back in iOS 8.1.2, and reported it last January. However, Apple didn't fix it in subsequent updates. I'm guessing they will now.